From: Miklos Szeredi <mszeredi@redhat.com>
To: linux-fsdevel@vger.kernel.org
Cc: Al Viro <viro@zeniv.linux.org.uk>, NeilBrown <neil@brown.name>
Subject: [PATCH] fuse: prevent exchange/revalidate races
Date: Wed, 17 Sep 2025 17:30:24 +0200 [thread overview]
Message-ID: <20250917153031.371581-1-mszeredi@redhat.com> (raw)
If a path component is revalidated while taking part in a
rename(RENAME_EXCHANGE) request, userspace might find the already exchanged
files, while the kernel still has the old ones in dcache. This mismatch
will cause the dentry to be invalidated (unhashed), resulting in
"(deleted)" being appended to proc paths.
Prevent this by taking the inode lock shared for the dentry being
revalidated.
Another race introduced by commit 5be1fa8abd7b ("Pass parent directory
inode and expected name to ->d_revalidate()") is that the name passed to
revalidate can be stale (rename succeeded after the dentry was looked up in
the dcache).
By checking the name and the parent while the inode is locked, this issue
can also be solved.
This doesn't deal with revalidate/d_splice_alias() races, which happens if
a directory (which is cached) is moved on the server and the new location
discovered by a lookup. In this case the inode is not locked during the
new lookup.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
---
fs/fuse/dir.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 5c569c3cb53f..7148b2a7611a 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -235,9 +235,18 @@ static int fuse_dentry_revalidate(struct inode *dir, const struct qstr *name,
attr_version = fuse_get_attr_version(fm->fc);
+ inode_lock_shared(inode);
+ if (entry->d_parent->d_inode != dir ||
+ !d_same_name(entry, entry, name)) {
+ /* raced with rename, assume revalidated */
+ inode_unlock_shared(inode);
+ return 1;
+ }
+
fuse_lookup_init(fm->fc, &args, get_node_id(dir),
name, &outarg);
ret = fuse_simple_request(fm, &args);
+ inode_unlock_shared(inode);
/* Zero nodeid is same as -ENOENT */
if (!ret && !outarg.nodeid)
ret = -ENOENT;
--
2.51.0
next reply other threads:[~2025-09-17 15:30 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-17 15:30 Miklos Szeredi [this message]
2025-09-17 15:36 ` [PATCH] fuse: prevent exchange/revalidate races Al Viro
2025-09-17 15:42 ` Miklos Szeredi
2025-09-17 16:41 ` Al Viro
2025-09-17 17:27 ` Miklos Szeredi
2025-09-17 17:43 ` Al Viro
2025-09-17 17:45 ` Al Viro
2025-09-18 1:43 ` NeilBrown
2025-09-18 10:02 ` Miklos Szeredi
2025-09-19 8:20 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250917153031.371581-1-mszeredi@redhat.com \
--to=mszeredi@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=neil@brown.name \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).